scanning-input-validation-practices

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill scanning-input-validation-practices

This skill enables Claude to automatically scan source code for potential input validation vulnerabilities. It identifies areas where user-supplied data is not properly sanitized or validated before being used in operations, which could lead to security exploits like SQL injection, cross-site scripting (XSS), or command injection. Use this skill when the user asks to "scan for input validation issues", "check input sanitization", "find potential XSS vulnerabilities", or similar requests related to securing user input. It is particularly useful during code reviews, security audits, and when hardening applications against common web vulnerabilities. The skill leverages the input-validation-scanner plugin to perform the analysis.

Overall: 60%


Validation: 81%

Criteria | Description | Result
metadata_version | 'metadata' field is not a dictionary | Warning
license_field | 'license' field is missing | Warning
body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning

Total: 13 / 16 checks passed

Implementation: 20%

This skill content reads like marketing copy rather than actionable technical guidance. It explains what input validation scanning is and why it matters (which Claude already knows) but never shows how to actually invoke the input-validation-scanner plugin, what parameters it accepts, or what output format to expect. The examples are purely descriptive rather than demonstrative.

Suggestions

Add concrete plugin invocation syntax showing exactly how to call the input-validation-scanner plugin with actual parameters and file paths

Include a real example of plugin output (e.g., JSON schema or sample report) so Claude knows what to expect and how to interpret results

Remove the Overview, 'How It Works', and 'When to Use' sections - this context is already provided in the skill description and wastes tokens

Add specific remediation guidance or code patterns for fixing identified vulnerabilities rather than just 'review in context'

Dimension | Reasoning | Score
Conciseness | The content is verbose and explains concepts Claude already knows (what XSS is, what SQL injection is, why input validation matters). The 'Overview' and 'How It Works' sections add little actionable value and could be eliminated entirely. | 1 / 3
Actionability | No concrete code, commands, or executable guidance is provided. The examples describe what the skill 'will do' in abstract terms but never show actual plugin invocation syntax, command-line usage, or expected output format. | 1 / 3
Workflow Clarity | Steps are listed in 'How It Works' but lack specificity - no actual commands to run, no validation checkpoints, and no guidance on what to do when vulnerabilities are found beyond 'review in context'. | 2 / 3
Progressive Disclosure | Content is organized into sections but everything is inline in one file. The 'Integration' section mentions other skills but provides no links. For a skill of this length, the structure is adequate but the content itself is padded. | 2 / 3

Total: 6 / 12 (Passed)

Activation: 100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, includes natural trigger terms users would actually say, explicitly states both what the skill does and when to use it, and carves out a distinct niche in input validation security scanning. The description uses proper third-person voice throughout.

Dimension | Reasoning | Score
Specificity | Lists multiple specific concrete actions: 'scan source code for potential input validation vulnerabilities', 'identifies areas where user-supplied data is not properly sanitized', and names specific vulnerability types (SQL injection, XSS, command injection). | 3 / 3
Completeness | Clearly answers both what (scans for input validation vulnerabilities, identifies unsanitized user data) and when (explicit 'Use this skill when...' clause with specific trigger phrases and use cases like code reviews and security audits). | 3 / 3
Trigger Term Quality | Includes excellent natural trigger terms users would say: 'scan for input validation issues', 'check input sanitization', 'find potential XSS vulnerabilities', plus contextual triggers like 'code reviews', 'security audits', and 'hardening applications'. | 3 / 3
Distinctiveness Conflict Risk | Has a clear niche focused specifically on input validation vulnerabilities with distinct triggers like 'XSS', 'SQL injection', 'input sanitization' that are unlikely to conflict with general code review or other security skills. | 3 / 3

Total: 12 / 12 (Passed)
